5 Replies Latest reply: Jan 12, 2015 7:02 AM by David_x
41Mac Level 1 Level 1 (0 points)

Have a mac mini server with 10.8 and server 2.2.1 on the internal network that has the log files filling up with some crazy entries:

 

May 10 17:11:51 myservername.mydomain.com mDNSResponder[43]: CacheRecordAdd: db._dns-sd._udp.0.##.##.##.in-addr.arpa. (PTR) has 4167 answers; shedding records to resist DOS attack

 

thousdands of these lines.  Since its on an internal network, pretty sure we are not getting a DOS attack... or are we?


Mac mini
  • cpragman Level 2 Level 2 (450 points)

    mDNSResponder is part of Bonjour.  It seems to put lots of info in the log. If you google it, you'll see lots of people complaining about all kinds of scary sounding log entries that basically mean nothing.

  • MrHoffman Level 6 Level 6 (13,020 points)

    With some guesses around the scale of your network and its particular configuration...   If you're not using Bonjour on your internal network, then look to filter the mDNS traffic at your switches.  If you are, then consider setting up or tailoring vLANs for smaller groups.

  • Simon Slavin Level 4 Level 4 (1,400 points)

    There is no DOS attack.  The text of the message is poorly chosen.  Your internal network is configured in an unusual way and is allowing messages to bounce around internally forever.  A DNS query is getting thousands of replies which is probably just one or two replies bounced around repeatedly from switch to switch.  That message from the Mac is just a warning that the Mac isn't bothering to look at all the replies to see if they agree with one-another, it is ignoring most of them.

     

    If you have a curious network technician you might tell them about this message but it's not causing your computer any significant harm, it's just a sign that useless messages are clogging your internal network, possibly slowing it down for genuine traffic.

  • Bradley Chapman Level 1 Level 1 (10 points)

    Found this via Google.  I'll add to the chorus that my Mac Mini Server (10.8.5) was doing the same thing tonight.  It said there were millions of answers, which was impossible.  I have a pretty simple network with a Router/AP and an 8-port unmanaged switch connected to that.  My system.log file had grown to 4GB in just two hours, and the CPU usage of mDNSResponder was pretty high.

     

    I solved it by restarting the server.

  • David_x Level 4 Level 4 (3,010 points)

    For anyone else finding this, I stopped the messages by issuing Terminal command...

     

    sudo killall mDNSResponder

     

    It respawns after killing. First tried a -HUP but that had no effect. No idea if the forced kill had any effect on other services (none reported) but I couldn't do a restart but needed to track other log messages (which was impossible with all the mDNS ones).